OK, here is another idea, but I'm looking for comments before I actually
implement this.

As reported earlier, the goal is to enable audit logging and potential
content filtering at each of several small satellite offices with just 2 - 4
PCs each.  Also to try to eliminate the need for a PC dedicated to being a
traffic cop (e.g. IPCop), and to minimize the remote administration necessary.

The corporate home office already has logging and content filtering
capabilities, and the PCs at the remote offices will be running VPN clients
to connect to the home office.  Can I force the remote PCs to channel their
browsing through the VPN and thus allow the logging and content filtering of
the home office to track the remote offices as well?

One implication here is that there is increased bandwidth on the home office
T1 when the offices have a more direct internet connection.  But in theory
they think there *should* be little enough traffic happening that it won't
make a noticeable difference. So here is what I tried, and it seems to be
working, but I'm looking for comments.

Configuration steps:
 1) Install Linksys WRT54G router as DSL gateway for a remote location
 2) Install VPN client on each PC at a remote location
 3) Configure a VPN connection to home office LAN
 4) Block all outbound HTTP and HTTPS traffic at the Linksys router to
avoid directly browsing via the DSL connection
 5) Configure browser to use a proxy server at the home office (so via the
VPN connection)

In a simple trial here, it seems to work.  Browsing is blocked until I
establish a VPN connection, then all traffic is logged / filtered at the
corporate system.

Disadvantages:

- Increases bandwidth usage on the corporate WAN link because it includes
all remote browsing (and it is bi-directional besides...)
- Slower remote browsing due to both VPN overhead and shared bandwidth
with corporate users

Advantages:

- All audit logs and content filters are in a single location at the
corporate office
- Disabling the HTTP proxy does not bypass the logs / filters; it disables
browsing due to block at router
- Attaching another device such as a laptop to the switch does not allow
circumvention of the rules

Aside from the increased corporate bandwidth issue, what problems are there
with this configuration?  In a simple test, it appears to work and lets me
get by with a $60 router at each location (which is actually just $40 this
week at the local OfficeMax).

Comments anyone?
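The router-side block in step 4 is the control the whole design rests on, so it is worth checking what a deny-list of "TCP 80 and 443" actually covers versus what the home-office proxy logs. The script below is an added example, not code from the original post or from the Linksys firmware: it models the WAN egress policy as a small rule evaluator and runs a few constructed sample flows through it, once with the post's deny-list and once with an allow-list that permits only the VPN tunnel. The tunnel encapsulation (IPsec NAT-T on UDP 4500), the proxy port (3128) and the sample flows are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Added example (not from the original post): a minimal egress-policy
# checker. It models the Linksys WAN rules as an ordered list and asks,
# for each constructed flow, whether the router lets it out directly and
# therefore outside the home-office logs and content filter.


@dataclass(frozen=True)
class Flow:
    label: str
    proto: str          # "tcp" or "udp"
    dst_port: int       # destination port as the PC sends it
    via_vpn: bool       # True when the packet rides inside the VPN tunnel


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    proto: Optional[str] = None      # None matches any protocol
    ports: frozenset = frozenset()   # empty set matches any port

    def matches(self, proto: str, port: int) -> bool:
        return (self.proto is None or self.proto == proto) and \
               (not self.ports or port in self.ports)


# Assumption: the VPN client encapsulates in IPsec NAT-T, so the router only
# ever sees UDP 4500 for tunnelled traffic, never the HTTP inside it.
VPN_OUTER = ("udp", 4500)


def router_view(flow: Flow) -> tuple:
    """Protocol/port the router's WAN rules actually match on."""
    return VPN_OUTER if flow.via_vpn else (flow.proto, flow.dst_port)


def evaluate(rules, flow: Flow, default: str = "allow") -> str:
    """First-match evaluation; the default mirrors a consumer router that
    allows outbound traffic unless a rule says otherwise."""
    proto, port = router_view(flow)
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default


def audit(rules, flows, default: str = "allow"):
    """Return {label: decision} plus the labels of flows that reach the
    internet directly (allowed and not inside the VPN): traffic the
    home-office proxy logs and filters never see."""
    decisions = {f.label: evaluate(rules, f, default) for f in flows}
    unlogged = [f.label for f in flows
                if decisions[f.label] == "allow" and not f.via_vpn]
    return decisions, unlogged


# Step 4 of the post as a deny-list: block outbound 80/443, allow the rest.
DENYLIST_RULES = [Rule("block", "tcp", frozenset({80, 443}))]

# Stricter alternative (an assumption, not from the post): permit only the
# VPN tunnel's outer packets and block everything else on the WAN side.
ALLOWLIST_RULES = [Rule("allow", VPN_OUTER[0], frozenset({VPN_OUTER[1]})),
                   Rule("block")]

# Constructed sample flows from one PC at a satellite office.
SAMPLE_FLOWS = [
    Flow("direct http", "tcp", 80, via_vpn=False),
    Flow("direct https", "tcp", 443, via_vpn=False),
    Flow("proxy via vpn", "tcp", 3128, via_vpn=True),   # assumed proxy port
    Flow("direct web on 8080", "tcp", 8080, via_vpn=False),
    Flow("direct dns", "udp", 53, via_vpn=False),
]

if __name__ == "__main__":
    for name, rules in (("deny-list", DENYLIST_RULES),
                        ("allow-list", ALLOWLIST_RULES)):
        decisions, unlogged = audit(rules, SAMPLE_FLOWS)
        print(f"{name}: {decisions}")
        print(f"  reaches the internet unlogged: {unlogged}")
```

With the deny-list the proxied flow is allowed, as the trial showed, because the router only sees the tunnel's outer UDP packets; but web servers on non-standard ports and direct DNS lookups are also allowed and never appear in the corporate logs. The allow-list variant closes that gap at the router while still letting the tunnel through, at the cost of having to know the VPN client's real encapsulation ports.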


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].